Abstract
Khudra is a lightweight block cipher proposed at SPACE 2014. The cipher is designed for field-programmable gate array (FPGA) based platforms. In this paper, we introduce the first biclique attack on full Khudra in the single-key setting, with a time complexity of 2^78.3 encryptions. The time complexity can be further reduced if the post-whitening key is omitted. Furthermore, based on the bicliques constructed, a meet-in-the-middle (MITM) attack is applied to 15-round Khudra, which is the best result on Khudra in terms of attacked rounds against MITM attacks.